Why cryptocurrency businesses need to heed FinCEN's onboarding regs
After a two-year period designed to give banks and other covered financial institutions time to make the necessary administrative changes to their customer onboarding processes, a new FinCEN measure called the Customer Due Diligence rule recently went into effect.
The CDD rule requires banks and other financial institutions to identify the actual individuals and beneficial owners behind a corporation that wants to open an account with the financial institution.
What does this mean for money-services businesses, which can include everything from your corner check cashing store to cryptocurrency exchanges and virtual currency token issuers? Technically, nothing, as the CDD rule is limited to “covered financial institutions” which FinCEN defined to include banks, broker-dealers, mutual funds and futures commissions merchants, but not money-services businesses.
Yet, one can expect some impact on MSBs from the issuance of this new rule. For cryptocurrency entrepreneurs in particular, many of whom are just developing the anti-money-laundering programs they are required to have under other FinCEN rules, the CDD rule is worth taking note of.
FinCEN’s CDD rule requires financial institutions to identify the individuals that own and control the legal entities, such as corporations, limited liability companies and partnerships, that seek to open accounts with them.
The rule was issued in the wake of the Panama Papers scandal, which had led to the discovery of an extensive array of shell companies and other legal entities that had been used by prominent figures worldwide to obscure their assets, in some cases for illicit purposes.
The rule, therefore, is aimed at increasing transparency throughout the finance industry and preventing the use of legal entities for laundering money, evading taxes or using funds for illicit activities. To do this, the CDD rule requires increased customer identification and due diligence along with continual monitoring and risk assessment related to customer relationships.
With some exceptions, the rule requires that financial institutions take steps and collect documents to identify the “beneficial owners” of legal entity customers. Beneficial owners are defined as any individual who owns 25% or more of the equity of the legal entity customer. The rule also requires legal entities to identify a single individual who has significant control over the entity. In doing so, the institution must collect the name, date of birth, address and an identifying number (such as a Social Security number) to verify the identity of each beneficial owner as well as supporting documentation to substantiate the information collected.
While the CDD rule is not retroactive, the new customer monitoring requirements mean that a financial institution may have to conduct a beneficial owner inquiry even on an existing customer when information affecting risk ratings or overall risk assessments comes to light.
While not directly covered by the CDD rule, an MSB that has an account with a bank will be subject to the rule themselves in their role as customer and will have to provide their own beneficial ownership and control information. Additionally, in the case of cryptocurrency businesses, banks and other financial institutions have already shown some reluctance to provide account services due to concern about the use of these platforms by those engaged in fraud, money laundering and other crimes. So, while not technically required, some banks may push their MSB customers to use the same beneficial ownership standards they do in order to increase transparency and their own comfort levels in providing account services.
And, whether FinCEN someday extends this rule to money-services businesses or not, the rule does shed light on what regulators are concerned about related to customer identification. Just as MSBs are not subject to the more prescriptive customer identification requirements that FinCEN applies to banks, but are still expected to use ongoing risk assessments to identify customer relationships that should be subject to enhanced due diligence, one can imagine that FinCEN will expect an MSB to use ongoing monitoring to identify those legal entity customers whose circumstances demand a deeper dive into who they really are.